From f2f296ba6064f9ba343888e1a658425311890896 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Wed, 2 Sep 2009 09:24:10 -0400
Subject: openvpn patch from dan: Openvpn connects to cache ports and stores
 files in nfs and cifs directories.

---
 policy/modules/services/openvpn.te | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
index b7853fe9..4ad43ef4 100644
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@@ -1,5 +1,5 @@
 
-policy_module(openvpn, 1.8.1)
+policy_module(openvpn, 1.8.2)
 
 ########################################
 #
@@ -87,6 +87,7 @@ corenet_tcp_bind_openvpn_port(openvpn_t)
 corenet_udp_bind_openvpn_port(openvpn_t)
 corenet_tcp_connect_openvpn_port(openvpn_t)
 corenet_tcp_connect_http_port(openvpn_t)
+corenet_tcp_connect_http_cache_port(openvpn_t)
 corenet_rw_tun_tap_dev(openvpn_t)
 corenet_sendrecv_openvpn_server_packets(openvpn_t)
 corenet_sendrecv_openvpn_client_packets(openvpn_t)
@@ -115,6 +116,16 @@ tunable_policy(`openvpn_enable_homedirs',`
 	userdom_read_user_home_content_files(openvpn_t)
 ')
 
+tunable_policy(`openvpn_enable_homedirs && use_nfs_home_dirs',`
+        fs_read_nfs_files(openvpn_t)
+        fs_read_nfs_symlinks(openvpn_t)
+')  
+
+tunable_policy(`openvpn_enable_homedirs && use_samba_home_dirs',`
+        fs_read_cifs_files(openvpn_t)
+        fs_read_cifs_symlinks(openvpn_t)
+')  
+
 optional_policy(`
 	daemontools_service_domain(openvpn_t, openvpn_exec_t)
 ')
-- 
cgit v1.2.3